Well many of China’s websites don’t even use HTTPS. Look at china.org.cn, or en.people.cn for example
Comment on DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers
pennomi@lemmy.world 3 weeks ago
The hell? There’s no reason to use plain HTTP instead of HTTPS.
And symmetric encryption is wildly irresponsible as well.
dragonlobster@programming.dev 3 weeks ago
cadekat@pawb.social 3 weeks ago
Depends on how much traffic you’re talking about. Encrypting/decrypting isn’t free.
pennomi@lemmy.world 3 weeks ago
It’s trivial compared to the compute they dedicate to AI models. Like, not even a rounding error.
cadekat@pawb.social 3 weeks ago
A penny saved is still a penny saved. I’m not saying it would amount to much, but it is non-zero.
0xD@infosec.pub 3 weeks ago
These are completely different systems. It doesn’t make a difference.
webghost0101@sopuli.xyz 3 weeks ago
Not for s second do I believe this was a accidental oversight.
I am sure they had very good reasons, all alligned with their actual interests with no thought spared to even consider consequences for small fish users.
kinsnik@lemmy.world 3 weeks ago
i just can’t think of any. like the article says, i fully expected the app to send data to china. but even if you are maliciously spying on users, why would you send the stolen data on unsecured channels? so that everyone in the path takes advantage of the data your wanted to steal?
fmstrat@lemmy.nowsci.com 3 weeks ago
If forced to relocate servers to a US partner,it leaves an attack vector.
trolololol@lemmy.world 3 weeks ago
Yep I’m with you.
It’s so easy to use https with secure encryption. It’s the default. You have to go out of your way to use s symmetric key or to even allow http without SSL in xcode or Android studio.